General
- Target: a9aee788049651ab7d0fbc44e42f9050d0ab1c6456631dd3a4aa5ce86162e65c
- Size: 1012KB
- Sample: 230324-k66cpsfe2s
- MD5: 2d770256b37b93c01701cc35225f38e2
- SHA1: d62319a33aa58c8009be72dc9c5c4676f55bf043
- SHA256: a9aee788049651ab7d0fbc44e42f9050d0ab1c6456631dd3a4aa5ce86162e65c
- SHA512: ef8fd1b70967116b444b6345610bdaf1f1817de2ef990701a8c65ee9316c519c3d0bf040d658044d9bd70eaab81a70d53ad7c123e7c5fadf5e5812049229d1e7
- SSDEEP: 24576:TyW0cZEblXcyXGZ5zgE5bvgPmMnafBiecLbwX98Qfqp15+IiO:mW0ciZXcy2Z50E5TgeCaf/cnq98Qfqr5

Static task: static1
Malware Config
- Extracted: redline (down)
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
- Extracted: redline (bolt)
  193.233.20.31:4125
  auth_value: 29540c7bf0277243e2faf6601e15a754
- Extracted: amadey 3.68
  62.204.41.87/joomla/index.php
Targets
- Target: a9aee788049651ab7d0fbc44e42f9050d0ab1c6456631dd3a4aa5ce86162e65c
- Size: 1012KB
- MD5: 2d770256b37b93c01701cc35225f38e2
- SHA1: d62319a33aa58c8009be72dc9c5c4676f55bf043
- SHA256: a9aee788049651ab7d0fbc44e42f9050d0ab1c6456631dd3a4aa5ce86162e65c
- SHA512: ef8fd1b70967116b444b6345610bdaf1f1817de2ef990701a8c65ee9316c519c3d0bf040d658044d9bd70eaab81a70d53ad7c123e7c5fadf5e5812049229d1e7
- SSDEEP: 24576:TyW0cZEblXcyXGZ5zgE5bvgPmMnafBiecLbwX98Qfqp15+IiO:mW0ciZXcy2Z50E5TgeCaf/cnq98Qfqr5
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.